…requires more than just good programming.

Category Archives: software

I have been using Google’s AdWords Cost Per Action (CPA) bidding for a number of years. I set the maximum I was prepared to pay for a conversion (e.g. a successful install of my software). AdWords then set the bid price to try and get me conversions at that price or less. It worked pretty well for a number of years and it saved me a lot of time tweaking bid prices. But Google recently phased out Maximum CPA bidding and forced me to switch to Target CPA bidding. From this point I could only specify the average price I was prepared to pay per conversion. This is where it all started to go wrong.

AdWords started to bid crazy prices. Check out the screenshot below. You can see that in each case the average Cost Per Click (CPC) is more than the CPA price. For example, in the first row I have set £0.50 as the price I am prepared to pay for conversions from the ‘seating charts’ ad group. Typically about 10% of people who click on one of my AdWords ads will install the software and trigger a conversion (which is fairly standard). So a £0.50 CPA means that AdWords should be bidding somewhere around £0.05 per click. Google knows this, because they have vast amounts of data from my AdWords account (11 years’ worth). But the average price for the last 3 clicks was £1.17 per click. WTF Google – that’s my money!

Given that the base version of my software costs £19.95 (one time fee) there is no way I can make a profit at £1.17 per click. Not all the bids are this crazy. But there are enough crazy bids to put my whole AdWords campaign into a tailspin. So I have been forced to switch back to manual CPC bidding. If you have also been forced to switch from Maximum CPA to Target CPA bidding, then I suggest you keep a careful eye on your cost per click.

When you run a business (even a small business like mine) you have to make a lot of decisions. Many of these decisions are complicated and have to be taken with incomplete information. But you can’t take too long over them, or you will never get anything done. Here are 3 techniques I use to help with difficult decisions.

Break it down

This is a very simple method for breaking a difficult decision down into smaller parts using a spreadsheet.

Decide the criteria that are important for the decision. Add a row for each.

Add a weighting column. Assign each criterion a weighting in the range 1 to 10, depending on its relative importance to you.

Add a column for each option you are considering.

Set each criterion/option cell a value in the range 0 to 10, depending on the extent to which the choice for that column fulfils the criterion for that row.

Calculate the weighted sum for each column.

Choose the outcome with the highest weighted sum.

Here is an example for choosing between 3 different types of hosting:

It’s not particularly scientific, but it does force you to systematically break down the problem into smaller parts and justify your decision.

Take the long view

It sometimes helps to stand back and look at the bigger picture. I can think of no better way to do that than to ask a hypothetical (hopefully elderly) future me, lying on my deathbed, which option they approve of. For example, given the choice between adding an innovative new feature to my product or improving the conversion funnel by a few percent, I think future me would be happier that I chose to add the innovative new feature. It is also a useful reminder that many decisions probably aren’t all that important in the grand scheme of things.

Flip a coin

Sometimes you need to make a decision, but you don’t have enough information or the time taken to get that information is going to cost you more than making the wrong decision. In that case, don’t agonise over it. Just roll a dice or flip a coin and move on.

I prefer static websites to a CMS for simple product websites because:

Static websites are fast.

I have more low-level control over the HTML/CSS.

I don’t have to worry about the very-real threat of a CMS being hacked.

Obviously writing every page separately in raw HTML/CSS would go against one of the cardinal rules of development, Don’t Repeat Yourself. But you can avoid this using a static website generator such as Hammer for Mac.

Hammer uses a simple syntax embedded in HTML comments to ‘compile’ a website from source files. I have now used Hammer to create several static HTML/CSS websites, including my perfecttableplan.com and hyperplan.com websites.

I like the simple syntax of Hammer. For example:

I can put the HTML for a page header in an _header.html file and then each page just needs to start with:

If Hammer can’t make sense of a source file (e.g. it can’t find the image file), it generates a compilation error.

Because everything is text based I can easily manage all the source in a version control system. Also, if I have to move away from Hammer, it should be relatively straightforward to change the syntax to another static generator (or even write a replacement for Hammer!).

Overall I like Hammer. But it does have a number of shortcomings:

1. The user interface is very limited. Hammer shows you a list of source files and you can click on a source file to see the compiled version or edit the source. But the source files are listed in the order they were edited and you can’t filter or sort the list. This seems such a simple and basic feature, that I can’t understand why the developers have omitted it.

2. Hammer takes a dumb, brute force approach to compilation. If you change any file in a source folder, it recompiles *everything*, without checking if other source files include that file. This is a pain if you have 100+ source files. Surely it wouldn’t be that hard to work out which files depend on which and only recompile the files that need recompiling?

I created the website for PerfectTablePlan back in 2005, using a dreadfully buggy piece of software called NetObjects Fusion (NOF). The sorry story of why I ended up using NOF is told here.

Until recently the front page looked like this.

I had done a fair amount of A/B test tweaking and it converted visitors to downloads and sales relatively well compared to other downloadable product websites. But it had that ‘designed by a programmer’ look and it wasn’t responsive, so it didn’t work well on mobile devices. My software only runs on Windows and Mac, but I still want to appear in mobile searches. The HTML generated by NOF was also pretty horrible. Frankly, I was a bit embarrassed by it when I looked at websites for other products. I kept on meaning to update it, but there was always something more urgent or (to be honest) more interesting to do. I finally bit the bullet and had it redesigned in 2015. The front page now looks like this:

The process was:

I wrote a specification for the new design.

I ran a 99Designs.com competition to design a new home page based on the spec.

I selected the winning designer and paid them to design 3 additional pages in the same style.

I poured all the old content into the new design, being careful to maintain the existing page names, titles, text and images etc, so as not to lose existing organic traffic.

The whole process didn’t cost a great deal (somewhere around $2k), but it took quite a lot of my time, spread over 5 months. Especially the final step. This wasn’t helped by the size (some 128 pages were converted) and general cruftiness of the old website, and my lack of knowledge of CSS and responsive design.

I didn’t want to be locked in to a CMS, so I used Mac static website generator Hammer4Mac to generate the HTML. It goes without saying that I wrote a program to help me pull all the content out of the old website and into Hammer4Mac! While Hammer4Mac isn’t without flaws, I found it a vast improvement over NOF and the new website is now much easier to update and maintain than the old one.

The new website went live on 16-Dec-2015.

So how much difference did the redesign make? Here are the changes based on comparing 25 weeks of data before the change and 25 weeks of data after the change:

bounce rate: +1.5%
time on page: +16.0%
traffic: +6.5%
desktop traffic: -2.2%
mobile & tablet traffic: +40.0%
completed installs: +1.4%
sales transactions: +11.4%
total sales value: +21.8%
visit to sale conversion ratio: +4.6%
average order value: +9.4%

The increase in mobile traffic as a proportion of total traffic is pretty clear from analytics (the dip in December is seasonal):

I believe a 21.8% improvement in sales is a lot more than I would have got by spending the same amount of time and money improving the product itself, which is pretty mature after 11 years of work.

Overall it looks pretty positive. But, as analytics data is fairly dirty (e.g. due to analytics spam) and I didn’t run a split test, I can’t definitely say that the changes above were due to the website changes. I wasn’t able to compare all the above data with the same time period for the previous year due to some missing analytics data. But the sales data for 25 weeks before and after 16-Dec in the previous year was:

sales transactions: -9.9%
total sales value: -2.7%
average order value: +8.1%

Which implies that the sales changes are unlikely to be due to seasonal factors.

I use some of the code generation and refactoring tools in QtCreator. These save a lot of time, but they don’t format C++ code how I like it. For example they produce C++ code like this:

void MyClass::foo(int *x)

But I like my code formatted like this:

void MyClass::foo( int* x )

The differences may seem minor, but they are a source of significant irritation to me. I like my code how I like it, goddammit! And consistent formatting enhances readability. However re-formatting it by hand is time-consuming and tedious.

What I need is a tool that can enforce consistent formatting in the style that I like, or something close. I have tried to use automatic C++ formatting (pretty printing) tools in the past, but I couldn’t get them to produce a format that was close enough to what I wanted. But I have finally found the tool for the job. Clang-Format.

Clang-Format is part of the LLVM family of tools. It is a free, command-line tool that reformats C++, Objective-C or C according to the settings in a config file. As with many free tools, it isn’t terribly well documented. Some of the documentation on the web is out of date and some of it is incomplete. But I have managed to find out enough to configure it how I like it.

To run it you just need to place your options in a .clang-format file, make sure the clang-format executable is in the path and then run it:

It took me a few hours of fiddling with the settings to find the best combination. It would be really useful if someone could write a tool that would analyze your C++ code and create a .clang-format file for you. You would probably only want to do this once though, so I don’t think it has much potential as a commercial product.

There are only two things I couldn’t get quite right in the formatting:

I couldn’t get it to add a blank line after public, protected and private declarations. I fixed this with a quick Perl hack (see below).

I couldn’t get it to indent continuation lines how I would like (ideally indented 1 or 2 spaces from the first line). It is a small price to pay and I am just putting up with it for now.

Perhaps there are options to do these and I just didn’t find them.

Here is the Windows .bat script I used to format all the C++ files in a folder.

Few people launch software products expecting them to fail. But many products do fail. I don’t have any figures, but I think I can fairly confidently state that more commercial software products fail than succeed. You think your product isn’t going to be one of the failures. But so does everyone else. The only way to find out for sure is to launch. The sooner you launch, the sooner you will find out. I have banged the drum for releasing early before, so I won’t labour it here. But it begs the question – how do I launch fast? What do I leave out? Based on my experiences of launching 3 software products, this is what I would leave out.

Polish

As developers we (hopefully) all want to do great work that we can feel proud of. But, as entrepreneurs, we need to be careful not to spend lots of time polishing something that might be a turd. So ship v1.0 before it is polished. Early adopters tend to be fairly forgiving of a few rough edges, if they are interested in the direction you are taking. I spent 6 months (part-time) working on the first version of my AdWords keyword tool. It flopped. So I shipped the first version of my visual planning software within a few weeks of writing the first line of code. It was pretty bare-bones and a bit slow for plans with hundreds of cards, but it was enough to demonstrate the basic concept.

Designer website

You don’t need a beautiful, state-of-the-art website to launch your product. My own table planner software had a pretty ropey website (designed by me) for the first 10 years and it did fine. Just make sure the website clearly conveys what your product does.

Logo

You don’t need a professional logo for v1.0. The product name in coloured text using a font other than Arial will probably be fine. I did the initial logo for Hyper Plan in Microsoft Word Art in 10 minutes. Here it is in all its glory:

I only paid a designer to come up with something better once I was sure it was worth my while.

DRM/Payment processing

I shipped the first version of Hyper Plan without even setting up licensing or payment processing. Every time you ran it, it just put up a window saying that it would expire on a certain date and that a new release would be available by that date. After that date it just stopped working.

I only added licensing and payment processing once I had proved enough people were interested in the concept to make it worth my while. If you are going to take this approach, make sure you let people know that they will be expected to pay at some point.

Sophisticated pricing model

Ideally you want to segment your customers so you can charge more for the people who are prepared to pay more. But you probably don’t understand your market well enough to do this when you are starting out. So just pick a single price. I introduced segmented pricing for PerfectTablePlan in v4. Hyper Plan still has a single price.

Feature parity with your competitors

Trying to achieve feature parity with established competitors in v1.0 is a fool’s errand. Just pick one pain point that you think is not being well addressed and try to solve that. Make your lack of features a selling point by emphasizing how simple your product is to use.

Multi Platform

If it is going to take significant additional effort to release multi-platform, then just pick one platform to launch v1.0 on.

Extensive documentation

The first version of your product should be simple enough and well enough designed that it doesn’t need extensive documentation. My Hyper Plan software has been out for a year and it still only has a one page quick start guide.

Mailing list

Many people advocate building up a mailing list of interested people before you launch. It obviously helps a lot if you already have an audience in the market you are launching into. But, if you don’t, it takes significant time and effort to build that audience. I would rather put in that effort once I have something to show them.

Trademark

Why bother to spend time and money trademarking something if you don’t even know if anyone wants it?

Patent

I’m not a fan of software patents and I don’t have any patents after nearly 11 years in business. So I certainly wouldn’t waste time and money on a patent for v1.0.

Lawyers

If a bug in your software could kill someone or destroy their business, you should probably talk to a lawyer. Otherwise a boiler-plate end user licence agreement is probably fine for v1.0.

Company

I did create a limited company before I launched my first product to get a bit of extra legal protection. But it’s not strictly necessary (in the UK at least).

Trade-offs

It’s all a tradeoff. Obviously it is better to have a beautiful website than an ugly one. But is it worth spending lots of time and money on designing a beautiful website for an unproven product?

The best approach depends very much on your market and circumstances. If you are a big player with lots of money and reputation, then much of the above may not apply. If you are selling web design products, you had better have a pretty slick looking website for v1.0. If you are selling aircraft avionics systems then I hope v1.0 of your product is pretty polished.

TL;DR : If you digitally sign your software you need to make sure you have an SHA2 certificate and use it to dual sign your software with both SHA1 and SHA2 digests.

Digital certificates are used to prove who authored a piece of software and that it hasn’t subsequently been tampered with. Starting with Windows XP SP2 you get a warning message if you download software that isn’t signed with an appropriate digital certificate. So most commercial software vendors digitally sign their software. We grumble about price gouging by the certificate vendors and the hoops we have to jump through to get a certificate. But, apart from that, the system seems to work tolerably well. However Microsoft have thrown a spanner into the works by deprecating digital certificates using the SHA1 algorithm. I only found out about this a few weeks ago from a fellow vendor’s blog. Thanks for nothing Microsoft. If you are using a digital certificate you purchased more than a year ago, it is probably SHA1. This post explains what this means for software vendors, based on my research so far. I am not an expert on this topic and things seem to be changing fast, so please let me know if there are any mistakes or omissions.

I don’t digitally sign Windows software, does this affect me?

No. But perhaps treat Windows unsigned software warnings with some skepticism until Windows software vendors sort this mess out. If you only develop for Mac OS X you can feel a bit smug (at least until the next time Apple nukes your development ecosystem from orbit).

What is SHA1?

SHA1 (Secure Hash Algorithm 1) is a cryptographic hash function that was used in digital certificates issued until recently. SHA1 was known to have weaknesses as far back as 2005. Microsoft (and Google) have finally decided that SHA1 is too vulnerable and SHA2 digital certificates should be used instead.

What happens if my certificate is SHA1?

If you signed your software with a timestamp before 01-Jan-2016:

It will be treated by Windows XP SP2/XP SP3/Vista as signed.

It will be treated by Windows 7/8/10 as signed only until 01-Jan-2017.

If you signed your software with a timestamp on or after 01-Jan-2016:

It will be treated by Windows XP SP2/XP SP3/Vista as signed.

On Windows 7/8/10 you will get an ugly “The signature of <file> is corrupt or invalid” or “The signature of this program is corrupt or invalid” error when downloading. If you don’t see this, it might be because you haven’t done a Windows Update recently (shame on you).

Windows seems to treat software that has been downloaded from the web (with ‘mark of the web’) differently. So make sure you test a version of your software you have downloaded from the web. I carried out some tests on 01-Mar-2016 using an SHA1 certificate to sign an executable and then download it. It worked ok when downloaded using Firefox or Chrome, but was shown as corrupt when downloaded using IE.

How do I know if my current certificate is SHA1?

Right click on your most recently signed installer and select Properties.

Click on the Digital Signatures tab.

Select the signature and click on the Details button.

Click the View Certificate button.

Click the Details tab.

Look at the Signature hash algorithm.
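The same check can be scripted across a folder of signed files. This is an added PowerShell example, not from the original post; the function name and the folder in the usage comment are assumptions. It reads the signer certificate's signature algorithm (the value shown in the last step above), and Get-AuthenticodeSignature reports only the primary signature of a dual-signed file.

```powershell
# Added example (not from the original post). Windows only.
# OIDs of certificate signature algorithms that use SHA1.
$Sha1SignatureOids = @(
    '1.2.840.113549.1.1.5',   # sha1WithRSAEncryption
    '1.2.840.10045.4.1',      # ecdsa-with-SHA1
    '1.3.14.3.2.29'           # sha1WithRSASignature (older OIW identifier)
)

function Get-SignerCertHashAlgorithm {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Folder,
        [string[]] $Include = @('*.exe', '*.dll')
    )
    Get-ChildItem -Path $Folder -File -Recurse -Include $Include | ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate          # $null for unsigned files
        [pscustomobject]@{
            File               = $_.FullName
            Status             = $sig.Status    # Valid, NotSigned, HashMismatch, ...
            SignatureAlgorithm = if ($cert) { $cert.SignatureAlgorithm.FriendlyName }
            CertExpires        = if ($cert) { $cert.NotAfter }
            # An untimestamped signature stops validating when the certificate expires.
            Timestamped        = $null -ne $sig.TimeStamperCertificate
            Sha1Certificate    = ($null -ne $cert) -and
                                 ($Sha1SignatureOids -contains $cert.SignatureAlgorithm.Value)
        }
    }
}

# Constructed usage: list every file still signed with an SHA1 certificate.
# Get-SignerCertHashAlgorithm -Folder 'C:\build\release' |
#     Where-Object Sha1Certificate |
#     Format-Table File, Status, SignatureAlgorithm, CertExpires, Timestamped
```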

What should I do if my certificate is SHA1?

If your certificate hasn’t expired you should ask the company you purchased it from to issue you a new SHA2 certificate. They should do this free of charge. In the process they will revoke your SHA1 certificate, so you can no longer use it for signing. You should then use your new SHA2 certificate to double sign new releases (see below).

I have an SHA2 certificate, now what?

If you want a new release to be treated as signed on both Windows XP SP3/Vista and Windows 7/8/10 then you need to double sign the file for SHA1 and SHA2:

If you only want to support Windows 7/8/10, then you can omit the first line (but why would you?).

You can use chktrust.exe to check the signature:

chktrust.exe <installer>

Note that only version 6.3 and later of signtool.exe (which comes with Windows 8.1 SDK and is also available here) supports the /as flag.
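A sketch of the dual-signing sequence described above, as an added PowerShell example rather than the post's own commands. The function name, parameter names and timestamp server URLs are assumptions to be filled in from your certificate vendor; the signtool flags (/fd, /t, /tr, /td, /as, and verify /pa /all) are the tool's own.

```powershell
# Added example (not from the original post): dual-sign one file with the same
# SHA2 certificate, first with an SHA1 file digest, then an appended SHA256 one.
function Invoke-DualSign {               # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $File,
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $PfxPassword,
        [Parameter(Mandatory)] [string] $LegacyTimestampUrl,   # Authenticode timestamp server (for /t)
        [Parameter(Mandatory)] [string] $Rfc3161TimestampUrl,  # RFC 3161 timestamp server (for /tr)
        [string] $SignTool = 'signtool.exe'                    # must be 6.3 or later for /as
    )
    # signtool takes the PFX password as plain text on its command line.
    $plain = [System.Net.NetworkCredential]::new('', $PfxPassword).Password

    # 1. Primary signature: SHA1 file digest with a legacy timestamp.
    #    Without /as this replaces any signature already on the file.
    & $SignTool sign /f $PfxPath /p $plain /fd sha1 /t $LegacyTimestampUrl /v $File
    if ($LASTEXITCODE -ne 0) { throw "SHA1 signing failed for $File" }

    # 2. Appended signature (/as): SHA256 file digest and SHA256 RFC 3161 timestamp.
    & $SignTool sign /f $PfxPath /p $plain /as /fd sha256 /tr $Rfc3161TimestampUrl /td sha256 /v $File
    if ($LASTEXITCODE -ne 0) { throw "SHA256 signing failed for $File" }

    # 3. Verify every signature on the file, not only the primary one.
    & $SignTool verify /pa /all /v $File
    if ($LASTEXITCODE -ne 0) { throw "Verification failed for $File" }
}

# Constructed usage; the file names and URLs are placeholders.
# Invoke-DualSign -File '.\setup.exe' -PfxPath '.\codesign.pfx' `
#     -PfxPassword (Read-Host -AsSecureString 'PFX password') `
#     -LegacyTimestampUrl '<authenticode-timestamp-url>' `
#     -Rfc3161TimestampUrl '<rfc3161-timestamp-url>'
```

Run the verification step again on a copy downloaded through a browser, since the post notes that files carrying the 'mark of the web' are treated differently.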

I always sign the program, as well as the installer.

Can I double sign .msi files?

I have seen reports that .msi installers don’t support double signing. But I don’t use .msi installers, so I haven’t investigated further.

What happens to software I signed with my SHA1 certificate after the certificate is revoked?

Software you signed previously will not be affected, e.g. it will be treated as signed by Windows 7/8/10 until 01-Jan-2017.

How do I sign Windows XP SP1/XP SP2 software?

Windows XP SP1 doesn’t warn you if there is no signature, so you can ignore XP SP1. SHA2 signatures are not supported in Windows XP SP2. So you will need to have both valid SHA1 and SHA2 certificates to support XP SP2 and all the later versions of Windows. It’s not clear that certificate vendors will allow this. Also, how many people with Windows XP SP2 (an unsupported OS) are out there buying software? I won’t be bothering to support signing for XP SP2.

Does this affect SSL certificates as well as code signing (Authenticode) certificates?

I believe so. But I don’t have any SSL certificates, so I haven’t investigated further.

How does this affect signing of device drivers?

I understand there are some differences for device drivers. But I don’t create device drivers, so I haven’t investigated further.

What is the difference between SHA2 and SHA256?

SHA2 is a family of two similar hash functions known as SHA256 and SHA512. SHA256 uses 32-bit words where SHA512 uses 64-bit words.

How secure is SHA2?

Er, it was designed by the NSA. Supply your own joke.

I don’t have a digital certificate, where can I get one?

I got my Comodo code signing certificate from reseller codesigning.ksoftware.net. They have a good reputation, and are significantly cheaper than Comodo. I don’t have any business relationship with them beyond being a happy customer.

Anything else I should know?

Microsoft has reserved the right to move the SHA1 deprecation date forward from 01-Jan-2017.

Acknowledgements

Thanks to Nikos Bozinis for first alerting me to this issue and to Mitchell Vincent of ksoftware.net for fact checking this article.